Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1225cc34-f5d1-422d-9202-634bc8e5a66b.roa
File:                     1225cc34-f5d1-422d-9202-634bc8e5a66b.roa (raw, json)
Hash identifier:          kzEkhbemcorKM/oWjOevtPQHBZ3L27VPqhcYEAFuIT0=
Subject key identifier:   90:7E:30:4B:87:48:44:D7:10:C1:B5:66:71:2C:BA:82:91:2B:3D:9F
Certificate issuer:       /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial:       5F135A21E2FFBBB308D186F83D4437D935CF2CCB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1225cc34-f5d1-422d-9202-634bc8e5a66b.roa
Signing time:             Mon 17 Jun 2024 00:00:00 +0000
ROA not before:           Mon 17 Jun 2024 00:00:00 +0000
ROA not after:            Mon 22 Jul 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        51.80.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:13:5a:21:e2:ff:bb:b3:08:d1:86:f8:3d:44:37:d9:35:cf:2c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
        Validity
            Not Before: Jun 17 00:00:00 2024 GMT
            Not After : Jul 22 23:59:59 2024 GMT
        Subject: serialNumber=1c110be462e99f024384977a3aeb485c91399e1681bd026b69a96ef18911a383, CN=c336411a-6651-4f13-8ef9-de681c7c9444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7c:75:b3:d0:33:9f:78:68:d5:0d:ad:e0:d9:
                    33:3c:d6:88:f3:5c:af:01:be:11:83:49:24:6d:de:
                    49:56:0d:79:8a:93:c0:5b:4d:5f:f0:5e:07:11:7b:
                    4f:c0:1b:9f:24:70:42:7c:66:f1:1d:c2:35:ae:e8:
                    69:ea:9a:34:f2:3d:bc:05:ab:3d:63:59:b1:fc:34:
                    46:4a:99:67:cb:d5:8f:b6:04:2f:0b:65:29:5d:7f:
                    68:0f:35:0a:09:90:ba:b6:46:4a:e6:eb:13:42:83:
                    8d:2b:cb:06:43:cb:bd:dd:67:2a:12:e5:3d:b6:5a:
                    95:29:49:fd:28:8e:4f:d3:58:01:77:fb:52:ec:0a:
                    72:be:b0:f7:ba:81:7e:79:df:31:14:62:61:d8:88:
                    d9:b0:82:6b:e4:a8:91:dc:c8:5e:85:76:ea:39:90:
                    c3:6b:6a:6e:89:7a:9f:bd:dc:49:f5:40:3a:b0:16:
                    10:99:03:40:85:f2:68:d6:c7:7d:71:6d:34:5c:d2:
                    de:e5:f9:e2:12:37:aa:84:cd:a7:aa:4e:84:78:16:
                    ee:c7:4f:63:63:89:75:03:f0:03:42:14:59:9a:18:
                    4e:f5:99:03:14:98:b5:2f:bb:49:1d:08:ed:ed:ec:
                    7a:e5:e3:06:16:10:eb:a2:04:32:ef:ca:55:f2:f1:
                    25:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7E:30:4B:87:48:44:D7:10:C1:B5:66:71:2C:BA:82:91:2B:3D:9F
            X509v3 Authority Key Identifier:
                keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/1225cc34-f5d1-422d-9202-634bc8e5a66b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         97:19:b9:87:fe:8d:2b:74:6e:94:a4:ef:04:45:c5:76:77:11:
         49:69:4c:28:8f:2d:0b:1d:c3:3f:98:c9:2f:63:70:bc:f1:40:
         14:55:04:2e:28:1e:3e:1d:c8:20:5c:32:8b:98:6f:7b:30:38:
         0a:ee:03:fe:19:60:66:15:6e:62:20:88:62:5e:fc:a2:8e:83:
         ac:8b:5c:12:26:a6:05:c0:2b:43:4c:63:ed:60:37:38:53:80:
         41:a0:36:df:9e:14:7e:18:ee:29:8b:74:68:84:8a:b7:71:f6:
         12:0f:08:ed:09:12:07:45:82:f0:63:db:39:27:8a:50:b0:c3:
         b6:93:8d:31:28:da:78:eb:ca:3f:c4:71:c4:42:2c:9b:36:56:
         86:a5:75:45:9c:58:55:59:75:2f:93:77:95:07:b0:21:53:28:
         cc:f7:76:69:34:ab:28:3f:f4:f1:7a:33:25:f6:1a:78:b4:b5:
         35:89:19:32:49:c4:46:74:8a:f9:da:63:bc:9a:45:14:6b:fa:
         dc:46:79:6a:9c:08:7f:10:a9:a6:2c:2b:9b:ee:5d:b7:95:b3:
         8f:2f:76:f7:bd:af:a0:85:8a:00:95:ad:12:35:49:e3:e3:ff:
         94:64:6f:89:0a:aa:07:2d:07:f6:53:37:ba:a4:10:25:a5:2d:
         cc:58:e4:a7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXxNaIeL/u7MI0Yb4PUQ32TXPLMswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNDA2MTcwMDAwMDBaFw0yNDA3MjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjMTEwYmU0NjJlOTlmMDI0Mzg0OTc3YTNhZWI0ODVjOTEzOTllMTY4MWJk
MDI2YjY5YTk2ZWYxODkxMWEzODMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM18dbPQM594aNUNreDZMzzWiPNcrwG+EYNJJG3eSVYNeYqTwFtNX/BeBxF7
T8AbnyRwQnxm8R3CNa7oaeqaNPI9vAWrPWNZsfw0RkqZZ8vVj7YELwtlKV1/aA81
CgmQurZGSubrE0KDjSvLBkPLvd1nKhLlPbZalSlJ/SiOT9NYAXf7UuwKcr6w97qB
fnnfMRRiYdiI2bCCa+SokdzIXoV26jmQw2tqbol6n73cSfVAOrAWEJkDQIXyaNbH
fXFtNFzS3uX54hI3qoTNp6pOhHgW7sdPY2OJdQPwA0IUWZoYTvWZAxSYtS+7SR0I
7e3seuXjBhYQ66IEMu/KVfLxJb0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSQfjBL
h0hE1xDBtWZxLLqCkSs9nzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIyNWNjMzQtZjVkMS00MjJkLTkyMDItNjM0YmM4ZTVhNjZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNQMA0G
CSqGSIb3DQEBCwUAA4IBAQCXGbmH/o0rdG6UpO8ERcV2dxFJaUwojy0LHcM/mMkv
Y3C88UAUVQQuKB4+HcggXDKLmG97MDgK7gP+GWBmFW5iIIhiXvyijoOsi1wSJqYF
wCtDTGPtYDc4U4BBoDbfnhR+GO4pi3RohIq3cfYSDwjtCRIHRYLwY9s5J4pQsMO2
k40xKNp468o/xHHEQiybNlaGpXVFnFhVWXUvk3eVB7AhUyjM93ZpNKsoP/TxejMl
9hp4tLU1iRkyScRGdIr52mO8mkUUa/rcRnlqnAh/EKmmLCub7l23lbOPL3b3va+g
hYoAla0SNUnj4/+UZG+JCqoHLQf2Uze6pBAlpS3MWOSn
-----END CERTIFICATE-----
Generated at Wed Jun 26 02:09:55 2024 by rpki-client on console-ams.rpki-client.org